Stericycle, Inc. acquired by WM in November 2024.

• Established and leads the Data Protection Office, which manages the company’s global privacy compliance, records retention, and information asset classification programs. o Serves as the global Chief Privacy Officer and develops and implements the strategy to both serve the business and maintain compliance with relevant data protection regulations (GDPR, CCPA/CPRA, Quebec Law 25, etc.). o Implemented and oversees privacy compliance processes, such as Data Subject Access Request (DSAR) fulfillment, creation and maintenance of Records of Processing Activities (RoPA), performing Privacy Risk Assessments/Data Protection Impact Assessments (PIA/DPIA), and negotiating Data Processing Agreements (DPA). o Advises executive management and key stakeholders during the development of new products and services utilizing Privacy-by-Design (PbD) principles. o Develops and maintains privacy and data protection legal collateral, such as privacy notices, cookie policies and banners, Data Processing Agreements (DPAs), and internal corporate policies. o Created business area and IT governance processes to operationalize data privacy, records management, and Artificial Intelligence compliance programs. o Led the selection and deployment of a corporate privacy management solution to streamline and automate various privacy operational processes, such as RoPA maintenance and privacy risk assessments. • Co-led the development and implementation of the company’s Crisis Management Team, which focuses on efficient and effective mobilization of key leaders during a crisis event.• Created Stericycle’s ongoing privacy training and awareness programs to build a culture of data protection throughout the company.

• Led engagement teams across multiple industries, including consumer products, financial services, life sciences, manufacturing and industrial products, telecommunications, and higher education, to assist clients in transforming their privacy and cybersecurity functions to better serve the business.• Developed custom information security and privacy management strategies and programs, including business and IT processes, charters/mission statements, and policies, standards, guidelines, standard operating procedures.• Evaluated the current state of information security and data privacy programs, developed recommendations for improvement and alignment with industry leading practices, identified risk mitigation opportunities, and provided metrics for measuring organizational progress over time.• Served as a Performance Management Leader and mentor to develop individuals, provide career guidance, build teams, and further the growth of the Cyber Services practice.• Served as a KPMG National Training Instructor for the Advisory Practice, delivering in-person training on the topics of Privacy, Information Governance, and Data Protection, as well as New Hire/Onboarding and New Manager courses.

• Led team in creating, implementing, and refining a methodology for assessing the technical security risks for new and existing IT systems for consumer, commercial, and wholesale banking clients.• Collaborated with several teams to design the customer self-service module and overall functional and technical security requirements for the LaSalle Bank and Standard Federal Bank retail online banking applications.• Built the functional and technical security requirements for an imaging, work-flow, and document management system that digitized and managed the processing and approval of consumer loan applications.

• Collaborated with various IT operations support and development teams to ensure technical security requirements were defined, documented, tested, and implemented as part of all technology project deliverables.• Managed a project to institute access control and authentication best practices by configuring and enforcing network password policies across the enterprise.